/** java.security.KeyStore#getKey(java.lang.String, char[]) */
public void test_getKeyLjava_lang_String$C() throws Exception {
// Test for method java.security.Key
// java.security.KeyStore.getKey(java.lang.String, char[])
// creatCertificate();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert[] = new X509Certificate[2];
cert[0] = (X509Certificate) cf.generateCertificate(certArray);
cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
keyTest.load(null, null);
keyTest.setKeyEntry("alias2", getPrivateKey(), pssWord, cert);
PrivateKey returnedKey = (PrivateKey) keyTest.getKey("alias2", pssWord);
byte[] retB = returnedKey.getEncoded();
byte[] priB = getPrivateKey().getEncoded();
assertTrue(Arrays.equals(retB, priB));
assertEquals(getPrivateKey().getAlgorithm(), returnedKey.getAlgorithm());
assertEquals(getPrivateKey().getFormat(), returnedKey.getFormat());
try {
keyTest.getKey("alias2", "wrong".toCharArray());
fail();
} catch (UnrecoverableKeyException expected) {
}
keyTest.setCertificateEntry("alias1", cert[1]);
assertNull(
"the private key returned from getKey for a certificate entry is not null",
keyTest.getKey("alias1", pssWord));
}
/**
* Sign the provided payment request.
*
* @param paymentRequest Payment request to sign, in its builder form.
* @param certificateChain Certificate chain to send with the payment request, ordered from client
* certificate to root certificate. The root certificate itself may be omitted.
* @param privateKey The key to sign with. Must match the public key from the first certificate of
* the certificate chain.
*/
public static void signPaymentRequest(
Protos.PaymentRequest.Builder paymentRequest,
X509Certificate[] certificateChain,
PrivateKey privateKey) {
try {
final Protos.X509Certificates.Builder certificates = Protos.X509Certificates.newBuilder();
for (final Certificate certificate : certificateChain)
certificates.addCertificate(ByteString.copyFrom(certificate.getEncoded()));
paymentRequest.setPkiType("x509+sha256");
paymentRequest.setPkiData(certificates.build().toByteString());
paymentRequest.setSignature(ByteString.EMPTY);
final Protos.PaymentRequest paymentRequestToSign = paymentRequest.build();
final String algorithm;
if ("RSA".equalsIgnoreCase(privateKey.getAlgorithm())) algorithm = "SHA256withRSA";
else throw new IllegalStateException(privateKey.getAlgorithm());
final Signature signature = Signature.getInstance(algorithm);
signature.initSign(privateKey);
signature.update(paymentRequestToSign.toByteArray());
paymentRequest.setSignature(ByteString.copyFrom(signature.sign()));
} catch (final GeneralSecurityException x) {
// Should never happen so don't make users have to think about it.
throw new RuntimeException(x);
}
}
@Test
public void testKeygenToFileOutputStream()
throws NoSuchAlgorithmException, NoSuchProviderException, IOException {
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
final PrivateKey priv = pair.getPrivate();
final PublicKey pub = pair.getPublic();
// Write the private key to a file
FileOutputStream privOS = new FileOutputStream("RSAPrivateKey.key");
Assert.assertNotNull(privOS);
privOS.write(priv.getEncoded());
privOS.close();
// Write the private key to a file
FileOutputStream publicOS = new FileOutputStream("RSAPublicKey.key");
Assert.assertNotNull(publicOS);
publicOS.write(pub.getEncoded());
publicOS.close();
}
public void generateLocalKeyPair(String fullUserId) {
String userId = Address.stripResource(fullUserId);
OtrDebugLogger.log("generating local key pair for: " + userId);
KeyPair keyPair;
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_ALG);
kpg.initialize(KEY_SIZE);
keyPair = kpg.genKeyPair();
} catch (NoSuchAlgorithmException e) {
OtrDebugLogger.log("no such algorithm", e);
return;
}
OtrDebugLogger.log("SUCCESS! generating local key pair for: " + userId);
// Store Private Key.
PrivateKey privKey = keyPair.getPrivate();
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privKey.getEncoded());
this.store.setProperty(userId + ".privateKey", pkcs8EncodedKeySpec.getEncoded());
// Store Public Key.
PublicKey pubKey = keyPair.getPublic();
storeLocalPublicKey(userId, pubKey);
store.save();
}
public boolean generateKeys() {
PublicKey keyPub;
PrivateKey keyPri;
SecureRandom rand;
Security.addProvider(new ABAProvider());
rand = new SecureRandom();
rand.setSeed(System.currentTimeMillis());
try {
KeyPairGenerator fact;
KeyPair keyPair;
fact = KeyPairGenerator.getInstance("RSA", "ABA");
fact.initialize(1024, rand);
keyPair = fact.generateKeyPair();
keyPub = keyPair.getPublic();
keyPri = keyPair.getPrivate();
pubKey = bytesToHexStr(keyPub.getEncoded());
priKey = bytesToHexStr(keyPri.getEncoded());
} catch (Exception e) {
return false;
}
return true;
}
@Test
public void testPrivateKey() throws Exception {
KeyPair keyPair = KeyPairFactory.newRsa2048();
String pem = PemUtils.toPem(keyPair.getPrivate());
assertNotNull(pem);
PrivateKey privateKey = PemUtils.loadPrivateKeyFromPem(pem);
assertTrue(privateKey.getAlgorithm().equalsIgnoreCase(BcCmsConstants.KEY_PAIR_ALGO));
}
private static void dumpKeyPair(KeyPair keyPair) {
PublicKey pub = keyPair.getPublic();
System.out.println("Public Key: " + getHexString(pub.getEncoded()));
System.out.println(
"Public Key: "
+ "30820222300d06092a864886f70d01010105000382020f003082020a0282020100d7d774dd8a5326b7e17d74796ae19b1ba0d7f905cc9074b4001bed78512bcdf9330b813bf70c5bcf0c389ddb557f6152e144ae0ee6b3b1a5c0a10fd93130ca5470473396e2ffb809e1743654017ed3646ce342f8bda2cb788c6f64b03ba75f9d6bf28bf039bb4c0ccb0c0921ae7f4ba4c6eb6d211fdbdc52677a9a6ef150ac7d15a44eafb510ad16229da438966fb1e9bc6425e67518f99ffadece69935f571f6d375e16fa930335c9656386525042e8c35b2c4286410267911960542ddef1c620d30a631c2d41f2be09bd6df0eaad3333987e8c94c42691d97695701ae2ac0e1e48ea925c86cbaf48ccdc8353a51ca6e95236a4de948028ffde2ffa44f5888a411fb02dfe6f77ea40057714b02a7f7a22173d6f09336bb39a2067ae67cdf26d5ab652850d897b31013a0dfae1a6b24c3713670b6ec45ecae586996f65e00d50a258d8d061e9b69cb61571c97ec5ceeb2c343f43e9c17d9ce1a6107ab241631f1ca556ae821f7a6c468f13bb6da0fc27a15189b8b58d43c5b9a5d3e06d2689d399ba3567a55f2de1440e035746c87bdcf0635588f9d000aeb3bd0122e233010b454a7e5131e2061f82ca1a5c81b54faf269afa2ef4aeb6ae5b2a79cbb1ac9e770ecd138b66178d0267232a379bcd191358ff4a3374a819a93966188708d3991605c5d5f89146086fb048600116268fab91867434ed0c599d643b7ce313a1a4450203010001");
PrivateKey priv = keyPair.getPrivate();
System.out.println("Private Key: " + getHexString(priv.getEncoded()));
}
// 私钥加密
public static byte[] encryptByPrivateKey(String key, byte[] data) throws Exception {
// 实例化密钥材�?
PKCS8EncodedKeySpec pcs8spec = new PKCS8EncodedKeySpec(Base64.decode(key.getBytes()));
// 实例化密钥工�?
KeyFactory keyfactory = KeyFactory.getInstance(Key_ALGORITHM);
// 生成私钥
PrivateKey pritekey = keyfactory.generatePrivate(pcs8spec);
// 私钥加密
Cipher cipher = Cipher.getInstance(pritekey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, pritekey);
return cipher.doFinal(data);
}
@Test
public void testX509Helpers() throws Exception {
KeyPair keyPair = SAMLUtils.generateRandomKeyPair();
String privateKeyString = SAMLUtils.savePrivateKey(keyPair.getPrivate());
String publicKeyString = SAMLUtils.savePublicKey(keyPair.getPublic());
PrivateKey privateKey = SAMLUtils.loadPrivateKey(privateKeyString);
PublicKey publicKey = SAMLUtils.loadPublicKey(publicKeyString);
assertTrue(privateKey.equals(keyPair.getPrivate()));
assertTrue(publicKey.equals(keyPair.getPublic()));
}
public PrivateKey getPrivateKey(String alias) {
PrivateKey pk = keyManager.getPrivateKey(alias);
if (Debug.verboseOn())
Debug.logVerbose(
"getPrivateKey for alias ["
+ alias
+ "] got "
+ (pk == null
? "[Not Found!]"
: "[alg:" + pk.getAlgorithm() + ";format:" + pk.getFormat() + "]"),
module);
// Debug.logInfo(new Exception(), "Location where getPrivateKey is called", module);
return pk;
}
/**
* Creates a test signature and verifies it.
*
* @param privateKey Private key to sign with
* @param publicKey Public key to verify with
* @param signatureProvider Name of provider to sign with
* @throws NoSuchAlgorithmException In case the key or signature algorithm is unknown
* @throws NoSuchProviderException In case the supplied provider name is unknown or BC is not
* installed
* @throws InvalidKeyException If signature verification failed or the key was invalid
* @throws SignatureException If the signature could not be made or verified correctly
*/
public static void testSignAndVerify(
PrivateKey privateKey, PublicKey publicKey, String signatureProvider)
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException,
SignatureException {
final byte input[] = "Lillan gick pa vagen ut, motte dar en katt...".getBytes();
final String sigAlg = suggestSigAlg(publicKey);
if (sigAlg == null) {
throw new NoSuchAlgorithmException("Unknown key algorithm: " + publicKey.getAlgorithm());
}
if (LOG.isDebugEnabled()) {
LOG.debug("Testing keys with algorithm: " + publicKey.getAlgorithm());
LOG.debug("testSigAlg: " + sigAlg);
LOG.debug("provider: " + signatureProvider);
LOG.trace("privateKey: " + privateKey);
LOG.trace("privateKey class: " + privateKey.getClass().getName());
LOG.trace("publicKey: " + publicKey);
LOG.trace("publicKey class: " + publicKey.getClass().getName());
}
final Signature signSignature = Signature.getInstance(sigAlg, signatureProvider);
signSignature.initSign(privateKey);
signSignature.update(input);
byte[] signBA = signSignature.sign();
if (LOG.isTraceEnabled()) {
LOG.trace("Created signature of size: " + signBA.length);
LOG.trace("Created signature: " + new String(Hex.encode(signBA)));
}
final Signature verifySignature = Signature.getInstance(sigAlg, "BC");
verifySignature.initVerify(publicKey);
verifySignature.update(input);
if (!verifySignature.verify(signBA)) {
throw new InvalidKeyException("Test signature inconsistent");
}
}
private void validateKeys(PublicKey pubKey, PrivateKey privKey) {
if (pubKey.getAlgorithm() != privKey.getAlgorithm())
throw new IllegalArgumentException("Public and private key have different algorithms");
// No encryption for DSA
if (pubKey.getAlgorithm() != "RSA") return;
try {
String data = "ENCRYPT_DATA";
SecureRandom random = new SecureRandom();
Cipher cipher = Cipher.getInstance(pubKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privKey, random);
byte[] encryptedData = cipher.doFinal(data.getBytes());
cipher.init(Cipher.DECRYPT_MODE, pubKey, random);
String decreptedData = new String(cipher.doFinal(encryptedData));
if (!decreptedData.equals(data)) throw new IllegalArgumentException("Bad public-private key");
} catch (BadPaddingException e) {
throw new IllegalArgumentException("Bad public-private key", e);
} catch (IllegalBlockSizeException e) {
throw new IllegalArgumentException("Bad public-private key", e);
} catch (NoSuchPaddingException e) {
throw new IllegalArgumentException("Bad public-private key", e);
} catch (InvalidKeyException e) {
throw new IllegalArgumentException("Invalid public-private key", e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("Invalid algorithm for public-private key", e);
}
}
public static void SaveKeyPair(String path, KeyPair keyPair) throws IOException {
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
// Store Public Key.
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey.getEncoded());
FileOutputStream fos = new FileOutputStream(path + "/public.key");
fos.write(x509EncodedKeySpec.getEncoded());
fos.close();
// Store Private Key.
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
fos = new FileOutputStream(path + "/private.key");
fos.write(pkcs8EncodedKeySpec.getEncoded());
fos.close();
}
/**
* 使用口令加密私钥(Base64编码)
*
* @return
*/
public String encryptPrivateKey(String passphrase) {
byte[] seeds = null;
byte[] raw = mMyPrivKey.getEncoded();
byte[] encrypted = null;
Cipher cipher;
try {
seeds = getRawKey(passphrase.getBytes());
SecretKeySpec skeySpec = new SecretKeySpec(seeds, PASS_ALGO);
cipher = Cipher.getInstance(PASS_ALGO);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
encrypted = cipher.doFinal(raw);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
String result = Base64.encodeToString(encrypted, Base64.DEFAULT);
return result;
}
public static String toPem(PrivateKey privateKey) throws CertificateEncodingException {
checkNotNull(privateKey, "Private key cannot be null.");
Base64 encoder = new Base64(Base64.PEM_CHUNK_SIZE);
return BEGIN_PRIVATE_KEY
+ NEW_LINE
+ encoder.encodeToString(privateKey.getEncoded())
+ END_PRIVATE_KEY;
}
/**
* Create a new PKCS#7 object from the specified key.
*
* @param privKey the private key to be used for signing.
* @param certChain the certificate chain associated with the private key.
* @param crlList the crl list associated with the private key.
* @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5",
* "MD2", "SHA1" or "SHA"
* @param provider the provider to use.
*/
public PKCS7SignedData(
PrivateKey privKey,
Certificate[] certChain,
CRL[] crlList,
String hashAlgorithm,
String provider)
throws SecurityException, InvalidKeyException, NoSuchProviderException,
NoSuchAlgorithmException {
this.privKey = privKey;
if (hashAlgorithm.equals("MD5")) {
digestAlgorithm = ID_MD5;
} else if (hashAlgorithm.equals("MD2")) {
digestAlgorithm = ID_MD2;
} else if (hashAlgorithm.equals("SHA")) {
digestAlgorithm = ID_SHA1;
} else if (hashAlgorithm.equals("SHA1")) {
digestAlgorithm = ID_SHA1;
} else {
throw new NoSuchAlgorithmException("Unknown Hash Algorithm " + hashAlgorithm);
}
version = signerversion = 1;
certs = new ArrayList();
crls = new ArrayList();
digestalgos = new HashSet();
digestalgos.add(digestAlgorithm);
//
// Copy in the certificates and crls used to sign the private key.
//
signCert = (X509Certificate) certChain[0];
for (int i = 0; i < certChain.length; i++) {
certs.add(certChain[i]);
}
if (crlList != null) {
for (int i = 0; i < crlList.length; i++) {
crls.add(crlList[i]);
}
}
//
// Now we have private key, find out what the digestEncryptionAlgorithm is.
//
digestEncryptionAlgorithm = privKey.getAlgorithm();
if (digestEncryptionAlgorithm.equals("RSA")) {
digestEncryptionAlgorithm = ID_RSA;
} else if (digestEncryptionAlgorithm.equals("DSA")) {
digestEncryptionAlgorithm = ID_DSA;
} else {
throw new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm);
}
sig = Signature.getInstance(getDigestAlgorithm(), provider);
sig.initSign(privKey);
}
public static void writePrivateKeyToFile(String filename, PrivateKey key) throws CryptoException {
byte[] privKeyBytes = key.getEncoded();
EncodedKeySpec ks = new PKCS8EncodedKeySpec(privKeyBytes);
try {
writeFile(filename, ks.getEncoded());
} catch (IOException e) {
throw new CryptoException(e);
}
}
private static Object getOpenSSLKeyForPrivateKey(PrivateKey privateKey) {
// Sanity checks
if (privateKey == null) {
Log.e(TAG, "privateKey == null");
return null;
}
if (!(privateKey instanceof RSAPrivateKey)) {
Log.e(TAG, "does not implement RSAPrivateKey");
return null;
}
// First, check that this is a proper instance of OpenSSLRSAPrivateKey
// or one of its sub-classes.
Class<?> superClass;
try {
superClass = Class.forName("org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey");
} catch (Exception e) {
// This may happen if the target device has a completely different
// implementation of the java.security APIs, compared to vanilla
// Android. Highly unlikely, but still possible.
Log.e(TAG, "Cannot find system OpenSSLRSAPrivateKey class: " + e);
return null;
}
if (!superClass.isInstance(privateKey)) {
// This may happen if the PrivateKey was not created by the "AndroidOpenSSL"
// provider, which should be the default. That could happen if an OEM decided
// to implement a different default provider. Also highly unlikely.
Log.e(
TAG,
"Private key is not an OpenSSLRSAPrivateKey instance, its class name is:"
+ privateKey.getClass().getCanonicalName());
return null;
}
try {
// Use reflection to invoke the 'getOpenSSLKey()' method on the
// private key. This returns another Java object that wraps a native
// EVP_PKEY and OpenSSLEngine. Note that the method is final in Android
// 4.1, so calling the superclass implementation is ok.
Method getKey = superClass.getDeclaredMethod("getOpenSSLKey");
getKey.setAccessible(true);
Object opensslKey = null;
try {
opensslKey = getKey.invoke(privateKey);
} finally {
getKey.setAccessible(false);
}
if (opensslKey == null) {
// Bail when detecting OEM "enhancement".
Log.e(TAG, "getOpenSSLKey() returned null");
return null;
}
return opensslKey;
} catch (Exception e) {
Log.e(TAG, "Exception while trying to retrieve system EVP_PKEY handle: " + e);
return null;
}
}
/**
* Called by JNI when the native HTTPS stack gets a client certificate request.
*
* <p>We delegate the request to CallbackProxy, and route its response to {@link
* #nativeSslClientCert(int, X509Certificate)}.
*/
private void requestClientCert(int handle, String hostAndPort) {
SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
if (table.IsAllowed(hostAndPort)) {
// previously allowed
PrivateKey pkey = table.PrivateKey(hostAndPort);
if (pkey instanceof OpenSSLKeyHolder) {
OpenSSLKey sslKey = ((OpenSSLKeyHolder) pkey).getOpenSSLKey();
nativeSslClientCert(handle, sslKey.getPkeyContext(), table.CertificateChain(hostAndPort));
} else {
nativeSslClientCert(handle, pkey.getEncoded(), table.CertificateChain(hostAndPort));
}
} else if (table.IsDenied(hostAndPort)) {
// previously denied
nativeSslClientCert(handle, 0, null);
} else {
// previously ignored or new
mCallbackProxy.onReceivedClientCertRequest(
new ClientCertRequestHandler(this, handle, hostAndPort, table), hostAndPort);
}
}
/**
* Creates the content signer for generation of Version 1 {@link
* java.security.cert.X509Certificate}.
*
* @param privateKey the private key
* @return the content signer
*/
public static ContentSigner createSigner(PrivateKey privateKey) {
try {
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
.build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
} catch (Exception e) {
throw new RuntimeException("Could not create content signer.", e);
}
}
@Override
public KeyType getKeyType() throws CVKeyTypeNotSupportedException {
String strAlgo = m_key.getAlgorithm();
if ("RSA".equals(strAlgo)) {
return KeyType.KEY_RSA;
} else if ("EC".equals(strAlgo) || "ECC".equals(strAlgo) || "ECDSA".equals(strAlgo)) {
return KeyType.KEY_ECDSA;
}
throw new CVKeyTypeNotSupportedException();
}
/**
* Sign a given message with a given PrivateKey object. This method shall only be used to
* implement signing in the context of SSL client certificate support.
*
* <p>The message will actually be a hash, computed by OpenSSL itself, depending on the type of
* the key. The result should match exactly what the vanilla implementations of the following
* OpenSSL function calls do:
*
* <p>- For a RSA private key, this should be equivalent to calling RSA_private_encrypt(...,
* RSA_PKCS1_PADDING), i.e. it must generate a raw RSA signature. The message must be either a
* combined, 36-byte MD5+SHA1 message digest or a DigestInfo value wrapping a message digest.
*
* <p>- For a ECDSA private keys, this should be equivalent to calling ECDSA_sign(0,...). The
* message must be a hash and the function shall compute a direct ECDSA signature for it.
*
* @param privateKey The PrivateKey handle.
* @param message The message to sign.
* @return signature as a byte buffer.
* <p>Important: Due to a platform bug, this function will always fail on Android < 4.2 for
* RSA PrivateKey objects. See the getOpenSSLHandleForPrivateKey() below for work-around.
*/
@CalledByNative
private static byte[] rawSignDigestWithPrivateKey(PrivateKey privateKey, byte[] message) {
// Get the Signature for this key.
Signature signature = null;
// Hint: Algorithm names come from:
// http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html
try {
String keyAlgorithm = privateKey.getAlgorithm();
if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
// IMPORTANT: Due to a platform bug, this will throw NoSuchAlgorithmException
// on Android 4.1.x. Fixed in 4.2 and higher.
// See https://android-review.googlesource.com/#/c/40352/
signature = Signature.getInstance("NONEwithRSA");
} else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
signature = Signature.getInstance("NONEwithECDSA");
}
} catch (NoSuchAlgorithmException e) {
// Intentionally do nothing.
}
if (signature == null) {
Log.e(TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm());
return null;
}
// Sign the message.
try {
signature.initSign(privateKey);
signature.update(message);
return signature.sign();
} catch (Exception e) {
Log.e(
TAG,
"Exception while signing message with "
+ privateKey.getAlgorithm()
+ " private key: "
+ e);
return null;
}
}
/*
* 产生RSA公私钥对
*/
public static void genRSAKeyPair() {
KeyPairGenerator rsaKeyGen = null;
KeyPair rsaKeyPair = null;
try {
System.out.println("Generating a pair of RSA key ... ");
rsaKeyGen = KeyPairGenerator.getInstance("RSA");
SecureRandom random = new SecureRandom();
random.setSeed(System.currentTimeMillis());
// rsaKeyGen.initialize(1024, random);
rsaKeyGen.initialize(1024);
rsaKeyPair = rsaKeyGen.genKeyPair();
PublicKey rsaPublic = rsaKeyPair.getPublic();
PrivateKey rsaPrivate = rsaKeyPair.getPrivate();
System.out.println("公钥:" + bytesToHexStr(rsaPublic.getEncoded()));
System.out.println("私钥:" + bytesToHexStr(rsaPrivate.getEncoded()));
System.out.println("1024-bit RSA key GENERATED.");
} catch (Exception e) {
System.out.println("genRSAKeyPair:" + e);
}
}
@Override
public String toString() {
String s = ""; // $NON-NLS-1$
// s += "This is the user data for user " +i + ": " + "\n";
if (SK != null) {
s +=
Messages.UserData_ECBDII_1
+ SK.toString().substring(0, SK.toString().indexOf('\n'))
+ "\n"; //$NON-NLS-2$
}
if (PK != null) {
s +=
Messages.UserData_ECBDII_3
+ PK.toString().substring(0, PK.toString().indexOf('\n'))
+ "\n"; //$NON-NLS-2$
}
if (nonce != null) {
s += Messages.UserData_ECBDII_5 + nonce.toString() + "\n"; // $NON-NLS-2$
}
if (DHKeyPair != null) {
if (DHKeyPair.getSK() != null && !DHKeyPair.getSK().toString().equals("")) { // $NON-NLS-1$
s += Messages.UserData_ECBDII_0;
s += DHKeyPair.getSK().toString() + "\n"; // $NON-NLS-1$
}
if (DHKeyPair.getPK() != null && !DHKeyPair.getPK().GetPrintP().equals("")) { // $NON-NLS-1$
s += Messages.UserData_ECBDII_11;
s += DHKeyPair.getPK().GetPrintP() + "\n"; // $NON-NLS-1$
}
}
if (Xvalue != null && !Xvalue.PrintP().equals("")) { // $NON-NLS-1$
s += Messages.UserData_ECBDII_14 + Xvalue.PrintP() + "\n"; // $NON-NLS-2$
}
if (key != null && !key.PrintP().equals("")) { // $NON-NLS-1$
s += Messages.UserData_ECBDII_17 + key.PrintP() + "\n"; // $NON-NLS-2$
}
return s;
}
// internal implementation of translateKey() for private keys. See JCA doc
private PrivateKey translatePrivateKey(PrivateKey key) throws InvalidKeyException {
if (key instanceof RSAPrivateCrtKey) {
if (key instanceof RSAPrivateCrtKeyImpl) {
return key;
}
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
try {
return new RSAPrivateCrtKeyImpl(
rsaKey.getModulus(),
rsaKey.getPublicExponent(),
rsaKey.getPrivateExponent(),
rsaKey.getPrimeP(),
rsaKey.getPrimeQ(),
rsaKey.getPrimeExponentP(),
rsaKey.getPrimeExponentQ(),
rsaKey.getCrtCoefficient());
} catch (RuntimeException e) {
// catch providers that incorrectly implement RSAPrivateCrtKey
throw new InvalidKeyException("Invalid key", e);
}
} else if (key instanceof RSAPrivateKey) {
if (key instanceof RSAPrivateKeyImpl) {
return key;
}
RSAPrivateKey rsaKey = (RSAPrivateKey) key;
try {
return new RSAPrivateKeyImpl(rsaKey.getModulus(), rsaKey.getPrivateExponent());
} catch (RuntimeException e) {
// catch providers that incorrectly implement RSAPrivateKey
throw new InvalidKeyException("Invalid key", e);
}
} else if ("PKCS#8".equals(key.getFormat())) {
byte[] encoded = key.getEncoded();
return RSAPrivateCrtKeyImpl.newKey(encoded);
} else {
throw new InvalidKeyException(
"Private keys must be instance " + "of RSAPrivate(Crt)Key or have PKCS#8 encoding");
}
}
private String decryptCredential(final String cred) {
try {
final PrivateKeyFactoryBean factory = new PrivateKeyFactoryBean();
factory.setAlgorithm("RSA");
factory.setLocation(new ClassPathResource("RSA1024Private.p8"));
factory.setSingleton(false);
final PrivateKey privateKey = factory.getObject();
logger.debug("Initializing cipher based on [{}]", privateKey.getAlgorithm());
final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
logger.debug("Decoding value [{}]", cred);
final byte[] cred64 = CompressionUtils.decodeBase64ToByteArray(cred);
logger.debug("Initializing decrypt-mode via private key [{}]", privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
final byte[] cipherData = cipher.doFinal(cred64);
return new String(cipherData);
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
/*
* 模拟与银行整个交互过程
*/
public static void main(String[] args) {
try {
// 银行产生RSA 公钥私钥,自己保留私钥,把公钥发给用友
KeyPair keys = instance.generateRSAKeyPair("syj".getBytes());
PublicKey pubkey = keys.getPublic();
PrivateKey prikey = keys.getPrivate();
String pubKeyStr = new BASE64Encoder().encodeBuffer(pubkey.getEncoded());
String priKeyStr = new BASE64Encoder().encodeBuffer(prikey.getEncoded());
System.out.println("pubKey = " + pubKeyStr);
System.out.println("priKey = " + priKeyStr);
// 银行产生AES密钥
byte[] aesKyeByte = instance.generateAesByte("atrcdfdsfs".getBytes());
System.out.println("beforeEncAesKyeStr = " + new BASE64Encoder().encodeBuffer(aesKyeByte));
// 银行用RSA私钥加密AES密钥,然后将加密后的aesEncStr返回给用友
String aesEncStr =
instance.encryptAesSeed(
new BASE64Encoder().encodeBuffer(aesKyeByte),
instance.generateRSAPrivateKey(priKeyStr));
System.out.println("加密后的秘钥 = " + aesEncStr);
// 用友用RSA公钥解密aesEncStr得到AES明文
byte[] aesDecBytes =
instance.decryptAesSeed(aesEncStr, instance.generateRSAPublicKey(pubKeyStr));
System.out.println("afterDecAesKyeStr = " + new BASE64Encoder().encodeBuffer(aesDecBytes));
// 用友用AES加密发送xml报文给银行
String requestXml = instance.generateXml();
System.out.println("beforeEncXml = " + requestXml);
SecretKey secretKey = instance.generateAESSecretKey(aesDecBytes);
String base64RequestXml = instance.encryptRequestXml(requestXml, secretKey);
// 银行解密收到的xml报文
String resultXml = instance.decryptResultXml(base64RequestXml, secretKey);
System.out.println("afterDecXml = " + resultXml);
// 银行将结果xml用AES加密后返回给用友
// 用友用AES解密报文,完成整个交互流程
} catch (Exception e) {
e.printStackTrace();
}
}
public static String getPrivate(String path, String pwd) {
try {
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream is = new FileInputStream(path);
ks.load(is, pwd.toCharArray());
is.close();
System.out.println("keystore type=" + ks.getType());
Enumeration enuma = ks.aliases();
String keyAlias = null;
if (enuma.hasMoreElements()) {
keyAlias = (String) enuma.nextElement();
System.out.println("alias=[" + keyAlias + "]");
}
System.out.println("is key entry=" + ks.isKeyEntry(keyAlias));
BASE64Encoder enc = new BASE64Encoder();
PrivateKey privatekey = (PrivateKey) ks.getKey(keyAlias, pwd.toCharArray());
System.out.println("private key = " + enc.encode(privatekey.getEncoded()));
return enc.encode(privatekey.getEncoded());
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* Generate a local key pair. Be careful. If there is already an key pair, it will override it
*
* @param sessionID the sessionID that is identified with the local machine
*/
public void generateLocalKeyPair(SessionID sessionID) {
if (sessionID == null) return;
String accountID = sessionID.getAccountID();
KeyPair keyPair;
try {
keyPair = KeyPairGenerator.getInstance("DSA").genKeyPair();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return;
}
// Store Public Key.
PublicKey pubKey = keyPair.getPublic();
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(pubKey.getEncoded());
this.store.setProperty(accountID + ".publicKey", x509EncodedKeySpec.getEncoded());
// Store Private Key.
PrivateKey privKey = keyPair.getPrivate();
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privKey.getEncoded());
this.store.setProperty(accountID + ".privateKey", pkcs8EncodedKeySpec.getEncoded());
}
/**
* 生成公匙和私匙
*
* @param seed 种子
* @return
* @throws Exception
*/
public static Map<String, String> generateKey(String seed) throws Exception {
Map<String, String> map = new HashMap<String, String>(2);
KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSA");
SecureRandom random = new SecureRandom();
random.setSeed(seed.getBytes("utf8"));
keygen.initialize(1024, random);
KeyPair keyPair = keygen.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
Base64 base64 = new Base64();
String publicKeyString = new String(base64.encode(publicKey.getEncoded()), "utf8");
String privateKeyString = new String(base64.encode(privateKey.getEncoded()), "utf8");
// BASE64Encoder encoder = new BASE64Encoder();
// map.put("public", encoder.encode(publicKey.getEncoded()));
// map.put("private", encoder.encode(privateKey.getEncoded()));
map.put("public", publicKeyString);
map.put("private", privateKeyString);
System.out.println("publicKey: " + map.get("public"));
System.out.println("privateKey: " + map.get("private"));
return map;
}